2011 V3n2a10

Journal of Forensic & Investigative Accounting Vol.
3, Issue 2, Special Issue, 2011
Using ACL Scripts to Teach Continuous Auditing/Monitoring: The Tremeg Case Jill Joseph Daigle Ronald J. Daigle James C. Lampe*
This paper presents a two-part case to help students better understand how computer assisted audit tools (CAATs) can be used in either a continuous auditing (CA) or continuous monitoring (CM) context. If an instructor desires to emphasize CA, students can assume the role of an information technology (IT) auditor within the internal audit function of a fictitious company, Tremeg Corporation. If an instructor desires to emphasize CM, students can assume the role of a management accountant responsible for security monitoring. In either scenario, students are concerned with identifying and examining potential threats to IT security. The fictitious company is described as a growing electronic components manufacturer that has recently been awarded a large multi-year defense contract. High among the many concerns and goals of company executives is improving security over network access to data. This concern is one strongly suggested by IT audit guidance and frameworks to be taken seriously by organizations (Warren Gorman & Lamont 2010; ITGI 2007). Many companies in todays business environment recognize the risk of faulty systems security (Ernst & Young 2009). The first part of the case provides instructions and screenshots for guiding students through the step-by-step development of an Audit Control Language (ACL) script that can be run as often as desired, likely weekly or monthly in a practical situation, to detect employees who have been terminated but still have access to network resources. Such accounts should have access immediately disabled because of the threat of fraud and sabotage by the terminated
*
The authors are, respectively, Internal Audit Supervisor at Zions Bancorporation Amegy Bank of Texas, Associate Professor at Sam Houston State University, and Associate Professor at Missouri State University.
277
Journal of Forensic & Investigative Accounting Vol. 3, Issue 2, Special Issue, 2011
employee or another individual obtaining password access. Automating the process by creating a script that can be run on a repetitive and recurring basis for investigative follow-up on results gives students practical insights into CA/CM. The scenario in this case is one that is consistent with IT audit guidance, which strongly suggests that systems security be monitored on an ongoing basis (Warren Gorman & Lamont 2010). The second part of the case gives students more experience with ACL and CA/CM through the creation of another script for detecting active employees who have dormant network accounts. Such employees may have been terminated but did not have their access status changed to inactive by the human resources and/or IT functions. Some employees having dormant accounts may still be active but should no longer have network access. In both situations, the accounts identified should have access immediately disabled because dormant accounts can be an opportunity for fraud and data breaches. Part two can be used as a second step-by-step tutorial, or as an assignment or take-home exam without the detailed instructions and screenshots. Treating part two as an assignment or take-home exam helps determine if students are able to apply the knowledge and skills learned from part one. Students are also required to respond in each part to ethical questions brought about by technology such as ACL, CA and CM and use critical thinking skills as professional auditors or accountants. This two-part case has been successfully used in multiple graduate IT issues and audit courses at two universities with students having no prior knowledge or experience with ACL. Exit survey results collected show that students perceived that the case objectives were met. Students also provided enthusiastic anecdotal feedback. Besides IT audit courses, we believe the case would also be useful in graduate AIS, audit and managerial accounting courses for exposing students to fraud investigation and CA/CM via the use of CAATs.
278
We strongly believe that accounting curricula need to continue a trend toward holism. Courses intended to teach primarily financial, managerial, tax, audit or systems not only need cases that include state of the art technology and fresh techniques being adopted in audit and accounting practice, but also cases that allow students to develop the ethical reasoning and critical thinking required of auditing and accounting professionals. We believe the answer to the question of whether accounting ethics should be integrated into multiple existing technical classes in the curricula versus being taught exclusively in a stand alone course is YES. The Tremeg case allows students to exercise and expand skills in managerial control, auditing, fraud investigation, IT, written communication skills and ethics in one holistic case. We further believe that the scenario provided in the Tremeg case may be useful for behavioral researchers interested in studying some particular aspect of CA/CM. The central concern control of system security is consistent with that highly expressed by business professionals (Ernst & Young 2009), as well as specifically cited as an area deserving attention within organizations (ITGI 2007), including on a continuous basis (Warren Gorman & Lamont 2010). The need for behavioral research in CA and CM has been noted in the literature (for example, Hunton et al. 2004). The scenario in the case, or one similar, could also be used to design research experiments studying some particular aspect of CA/CM. The next section discusses the importance of teaching IT skills in controls monitoring and auditing, including the performance of CA and CM for detecting and investigating potential fraud and errors. Later sections provide an overview of each part of the case, including example screenshots, discussion of how the second part of the case can be modified to be an assignment or take-home exam, and student feedback to the two-part case. Appendices provide tutorials (solutions), an example modification of the second part as a take-home exam, and teaching notes.
279
IMPORTANCE OF TEACHING IT AUDIT SKILLS Whether for a career in industry or public practice, all accounting student graduates entering the workforce are required to have substantial IT literacy. From a financial statement audit perspective, the issuance of Statement of Auditing Standard (SAS) #94 in 2001 recognizes that financial statement auditors must consider the impact of IT on internal control when gaining an understanding, documenting and assessing internal control during audit planning. This
coupled with increasing IT complexity in business has created recognition and demand for IT audit specialists, both external and internal to organizations. As demand continues to rise, more students desire the education and training to help them become IT audit specialists. The requirements for studying and transitioning to become a practicing Certified Fraud Examiner (CFE) involve knowledge and experience in four areas: 1) fraud prevention and deterrence; 2) financial transactions; 3) fraud investigation; and 4) legal elements of fraud.1 The requirements for becoming a Certified Information Systems Auditor (CISA) are also very comprehensive and include the need for knowledge and experience with CAATs.2 Knowledge and experience in using CAATs for performing CA and CM are helpful to all accounting students, but essential for students working towards specialization in IT audit and fraud investigation in todays business environment. IT knowledge, including its application to This is
auditing and fraud investigation, is also important to management accountants.
evidenced by the requirements for successfully becoming a Certified Management Accountant (CMA). The CMA exam specifically tests for in-depth IT knowledge and application (IMA 2010):
1 2
Go to www.acfe.com and link into Membership & Certification then Become a CFE for further detail. Go to www.isaca.org and link into Certification for further detail.
280
The Financial Planning, Performance and Control section includes a subsection on Internal Controls, which covers risk assessment; internal control environment, procedures, and standards; responsibility and authority for internal auditing; types of audits; and assessing the adequacy of the accounting information system. Automated CAATs are being used in business as a means of repeatedly testing and
reporting on subsets of data being processed by a complex IT system i.e., CA and CM. CA is defined as (AICPA/CICA 1999): A methodology that enables independent auditors to provide assurance on a subject matterusing a series of auditor reports issued virtually simultaneously with, or a short time period after, the occurrence of events underlying the subject matter. A similar, yet different, activity to CA is CM. CM is a recurring and repetitive
management process for determining if particular activities of interest are in compliance with policies and procedures implemented by management (ISACA Standards Board 2002). While both CA and CM incorporate similar techniques, CM is a management process (an internal control activity) while CA is an independent audit process (either conducted by an internal or external auditor) (Daigle et al. 2008; Coderre 2005; ISACA Standards Board 2002). The automation of a CAAT allows auditors and accountants to very efficiently test 100% of new transactions or entries in subject matter areas of interest or particular controls, and express results as often as desired with little marginal cost incurred. Results of a 2006 survey of internal auditors report that 50% of the 392 respondents perform CA or CM within their companies, while another 31% plan to develop a CA or CM program (PwC 2006). Results of a 2009 survey of 305 organizations by the Institute of Internal Auditors note that 32% of respondents perform CA within their organization (McCann 2009). These survey results show
281
that CA and CM should be an important topic of coverage for those seeking a career as an IToriented auditor, fraud investigator or management accountant. One of the most commonly used CAATs is referred to as Generalized Audit Software (GAS). Two of the most commonly used GAS packages are ACL and IDEA. The Tremeg case uses ACL. Due to the importance of the topics of IT auditing, CA and CM for detecting fraud and errors, ACL (or similar software such as IDEA) is receiving attention in several auditing and AIS textbooks. Many current textbooks are accompanied by ACL software and provide several short problems for students to solve using the software. ACL also produces an educational version with a site license that allows students to access a more extensive list of problems. At this time, it does not appear that any problems or short cases are available that provide students with experience in using GAS (such as ACL) to perform CA/CM. The two-part case presented here serves to compliment the problems found in current textbooks and the educational version of ACL as a means of providing students with insight to, and some practical experience with, using ACL to perform CA/CM for the purpose of identifying potential fraudulent threats in a fictitious setting. The case can be performed fully on most recent versions of ACL software (such as Versions 8 and 9, with minimal screenshot variations between the two versions), including the educational versions packaged with audit textbooks.3 The next two sections give an overview of each part of the case. The first part of the case is referred to as the terminated user case while the second part is referred to as the dormant account case.
OVERVIEW OF TERMINATED USER CASE The terminated user case has five objectives:
An instructor teaching graduate IT auditing has used the basic structure and data of the two-part Tremeg case using IDEA, and reports to us anecdotal evidence of successful use and adaptation.
282
1) Help understand the concept and application of CA/CM. 2) Help learn how to perform basic ACL activities of: a) Importing data. b) Extracting data. c) Creating tables. d) Joining tables to create a new table. e) Filtering data in a table. f) Exporting data. 3) Help learn how to automate basic ACL activities through the creation of scripts. 4) Gain confidence in the future application of developing computer automation procedures for performing CA/CM after completing the first part of the case. 5) Help better recognize potential ethical issues with an organizations ability to analyze employee network activity. In the terminated user case, students act, at the discretion of the instructor, in either the role of either an IT auditor or a management accountant of a fictitious company, Tremeg Corporation, and complete six technical activities with associated deliverables. Students are first guided through five ACL activities designed to identify terminated employees who may continue to have access to the company network. The sixth activity involves automating the first five activities by developing an ACL script. The script can then be run repetitively, likely weekly or monthly, for investigating whether any terminated users have access to the company network. The script provides an excellent example to students of performing CA/CM at a low marginal cost for testing controls and investigating threats of potential fraud and data breaches. Following successful completion of the technical aspects of using ACL, students are required to perform a
283
seventh activity, which involves considering certain ethical ramifications regarding the analysis of employee network activity, and writing a response in the form of a memo. The task of identifying terminated users who continue to have access to network resources is purposely selected because it is likely a key general control commonly identified by IT management, as well as internal and external auditors testing controls for both internal effectiveness and efficiency and for financial statement audits. For publicly traded companies, the assessment of internal control over financial reporting is the direct responsibility of the CEO and CFO aided by management accountants and compliance officers who provide for the CEO and CFO assurance needed to sign the required report on internal controls. As evidence of the importance of preventing terminated users from having continued network access, a survey of nearly 1,900 senior executives in more than 60 countries reports that 75% of respondents are concerned with IT security threats and data breaches by former employees (Ernst & Young 2009). One conclusion drawn from the survey results is that CA/CM should be implemented to reduce IT security threats and data breaches (Ernst & Young 2009). The overall concern for access security is reflected in numerous parts of COBIT 4.1 Framework (ITGI 2007). The Framework notes access to programs and data as one of the four IT general control categories. The Framework also notes manage changes and ensure systems security as two of the twelve control objectives. The Framework further states that job change and
termination requires management to ensure that appropriate and timely actions are taken regarding job changes and job terminations so that internal controls and security are not impaired. Emphasis is provided when further stating that user account management requires management to establish procedures to ensure timely action relating to suspending and
284
closing user accounts (ITGI 2007). Other IT audit guidance also emphasizes the importance of preventing security breaches when specifying that system access security logs deserve ongoing monitoring (Warren Gorman & Lamont 2010). The use of CA/CM to identify control deficiencies, fraud, waste and abuse is referred to as continuous control assessment (Coderre 2005). IT security deficiencies could be judged by the external auditor to be significant or even material to the likelihood of the financial statements containing misstatements. The terminated user case, therefore, gives students experience with testing a very important general control that should exist and be tested in many current organizations, and to implement a type of test being suggested by practice. Step-by-step instructions and screenshots allow students to see the incremental value of each task, culminating in the automation of all activities for repetitive use. Each activity involves a deliverable, typically a printed report that is straightforward to grade. Table 1 provides an overview of the seven activities in the terminated user case. The complete set of instructions and screenshots for the terminated user case is included in Appendix A. All Excel files referred to can be obtained directly from the authors (Please see Table 1).
Description of Terminated User Case Activities The first activity of the terminated user case involves using the Import command to create a table in ACL populated by the data from an Excel file of all Tremeg employees, whether active or terminated. This activity gives students experience with one of the most basic uses of ACL, importing data for subsequent testing and analysis. The second activity involves using the Extract command to populate a new table with data of terminated employees from the table created in the first activity. This second activity
285
builds upon the first by giving students experience with identifying criteria (terminated employees) for extracting specified records from the larger table of all employees. The resulting distilled table is then available for further testing and analysis in later activities of the case. The third activity involves using the Import command to create a third table populated by all data from a second Excel file of active directory users at Tremeg. This activity is similar to the first activity but using different data. Both the resulting table created in this activity and table extracted in the second activity are subsequently used by students in the fourth activity to determine which terminated users continue to have network access. The fourth activity involves using the Join command to create a fourth table of data for analysis, which is based on data in the tables created in the second and third activities. A report of the data in HTML format is also generated. This activity is the test that identifies those terminated users who continue to have network access, as well as the most recent time of access. Both are important to identify and investigate, but the second item more so because it indicates potential misuse of network resources by terminated employees or some other individual (such as a current employee) who has obtained access through the terminated employees account. Students are told in the tutorial that these terminated employees should be reported to the System Administrator immediately so that access is disabled to prevent any further unauthorized access and an examination be made of activity after the date of termination. The Join command is used to accomplish the two tasks of identifying terminated employees for whom network access has not yet been disabled and determining if unauthorized access has occurred after the date of termination. The Join command matches employee
numbers from the active directory users table with employee numbers in the terminated employees table. A second test is then performed to determine if the associated user account has
286
not been disabled. When both conditions are met, the name and date of termination fields from the terminated employees table are physically joined with the designated fields from the active users table and form a new exceptions table. The Filter command is then run on the data to determine which terminated users have accessed the network since their date of termination. After completing this activity, students are required to compose a memo addressed to Security Administration that discusses their findings. The matching of employee numbers in the terminated employees table with employees in the active users table could also be accomplished via the Relate command. However, When, it is generally more efficient to use the Join command when large tables are to be used for subsequent analysis and testing. Hence the Join command is illustrated in the case. The fifth activity involves using the Export command to create an Excel file populated by the data of terminated users who still have network access. Just as importing data is a common ACL task, so is exporting data. Exporting provides a backup copy of data in a different file format, offers a different means of printing, and allows users who feel more comfortable with Excel to perform their own additional analyses. The sixth activity automates the previous activities through the Script command, thereby providing timely and efficient CA/CM testing on a recurring basis, likely weekly or monthly in a practical situation. This level of recurrence is consistent with the current CA/CM cycles being reported by numerous companies (McCann 2009; Wood 2008; PwC 2006). ACL records all activities performed in a log for that specific ACL project. Script creation is done by copying and pasting commands from the completed activities log into a script editing screen. The following screen shot from the tutorial shows on the left-side of the screen the detailed log of prior commands performed in the case and a blank edit box to the right for creating a script.
287
Students are shown step-by-step how to create a script automating all of the first five activities, as well as adding change control features in the script for documenting creation and maintenance of the script, the turning off of certain pop-up screens and the addition of a popup screen when the script has run successfully. A printout of this script is turned in as one of the deliverables. The following screen shows the completed script for future CA/CM use.
288
The seventh activity involves considering and discussing an ethical issue regarding an organizations capability of analyzing employee network activity. Students are to assume that they have been requested to analyze activity for the month before termination and all subsequent time after the date of termination for terminated users identified previously as still having access. The requested analysis is to include, but not be limited to, consideration of such activities as: playing computer games; personal use of the Internet (especially the viewing of inappropriate websites, shopping, and downloading of videos and music); and downloading critical and sensitive company data. Students are required to write a memo to Tremegs Security
Administration Manager that discusses the ethics of performing such an analysis. The memo should include discussion of what types of employee network activity analyses are likely appropriate (ethical), what types are likely inappropriate (unethical) and reasoning why. This last activity requires students to critically think about privacy issues when analyzing an
289
employees network activities within a business. With the requirements of the memo purposely being open-ended, student responses will likely provide a variety of interesting perspectives and thoughts on the ethical matters being asked to consider. Follow-up class discussions of this particular part of the case have been meaningful and thought provoking. After completing the seven terminated user case activities, a copy of the entire ACL project can be printed or placed on an external device, such as a flash drive, and turned in if the instructor desires to see more detail of the total project. Students see firsthand through the terminated user case the efficiency and effectiveness of ACL script-writing for performing CA/CM to detect and investigate potential fraud and security concerns. Upon completing the terminated user case, students have learned how to use the Import, Extract, Join, Filter and Export commands, as well as the Script command for conducting the test on a repetitive basis. These common activities can be used in other ACL projects. This first introduction to ACL gives students the ability to run ACL for continuously auditing or monitoring for potential network abuse and fraud, as well as consider the ethics of analyzing employee network activities.
OVERVIEW OF DORMANT ACCOUNT CASE The dormant account case is a continuation of the terminated user case with the same fictitious company, Tremeg Corporation. The dormant account case has five objectives: 1. Help better understand further the concept and application of CA/CM 2. Help learn further how to perform basic ACL activities of: a. Importing data b. Extracting data c. Creating tables
290
d. Exporting data 3. Help learn further how to automate basic ACL activities through the creation of a script 4. Gain greater confidence in the future application of developing computer automation procedures for performing CA/CM after completing the second part of the case 5. Help better recognize potential audit independence and impairment issues with sharing automated scripts within an organization
In this part of the case, Tremegs management is interested in identifying and investigating those active directory users (current employees) who have not used their network account in the last 90 days. Some of those identified may be terminated employees who have not been duly noted as such by the human resource function, therefore having the opportunity to commit fraud and data breaches. Others identified as having dormant accounts may be
employees in areas such as production or maintenance who do not regularly use the network. It may be decided by management that control is improved if such employees do not have access. In both situations, network access should immediately be disabled for these individuals by the network administrator. Similar to the test for terminated users with continued access, this test is a likely key general control within many organizations because it stresses the importance of IT security over an organizations data. As with the terminated user case, students are required to examine the output and consider certain managerial and ethical implications with the sharing of scripts within an organization. The dormant account case involves five activities to find dormant accounts able to access the network. This second case provides reinforcement of skills learned in the terminated user case. The dormant account case may be performed similarly to the terminated user case by
291
providing students detailed step-by-step instructions and screenshots of how ACL may be used to identify dormant accounts. Alternatively, this part of the case may be used with less or no accompanying assistance as a separately graded case or take home exam. Assigning in this manner requires students to adapt what they have learned from the terminated user case. The first activity of the dormant account case involves using the Import command to create a table containing all data from an Excel file of active directory users at Tremeg. This activity is the same as the third activity in the terminated user case. The resulting table is subsequently used by students in the second activity to determine which active users have not accessed their accounts in over 90 days. The second activity involves using the Extract command to create a table of certain data based on data from the first table created. This is similar to the second activity in the terminated user case. In the dormant account case, the students command ACL (using the Age function) to compare the last date of login to the network to the current date and create a second table that is populated by those active users who have not accessed their account in over 90 days. The third activity involves using the Export command to create a back-up Excel file populated by data from the table created in the second activity. This third activity is similar to the fifth activity in the terminated user case. The fourth activity is similar to the sixth activity in the terminated user case. Students use the Script command to automate the first three activities, as well as document within their script certain change control information. Students also incorporate other commands regarding pop-up screens that help make script running more efficient and provide appropriate script documentation. The fifth activity involves considering the ethics of sharing ACL scripts within an organization. IT auditors, accountants and managers have a professional oath of loyalty to their
292
employers and the goal of providing management with the information that will best help achieve the long-run goals and mission of the organization. This oath could indicate to some that the sharing of scripts between internal auditors, accountants, and managers is appropriate for ensuring CA and CM are performed properly throughout an organization. However, potential problems exist when CA/CM scripts are shared within an organization, particularly from an auditor independence perspective when auditors create scripts for management use (Daigle et al. 2008). Students are asked to consider the following questions: If an internal auditor creates a successful CA script, should it be shared with other departments or operating divisions? After a management accountant develops a successful CM script, does a problem exist if it is shared with other departments or operating divisions? Students are required to write a memo to Tremegs Board of Directors expressing their ethical and operating concerns regarding the sharing of ACL scripts by internal auditors, accountants and managers with others in the company. As another intentionally open-ended activity, the content of memos may contain a variety of interesting thoughts and perspectives on these ethical questions. Class discussion should be meaningful and thought provoking like that of the discussion of the ethics of analyzing employee network activity. As can be seen by this overview of activities, the dormant account case seeks to reinforce key concepts and skills learned in the terminated user case. Students use many of the same ACL commands, and add use of the Age function, for application to a second area of security concern regarding potential fraud and abuse of a companys data. The complete set of instructions and screenshots for the entire dormant account case is included in Appendix B. The Excel file referred to can be obtained directly from the authors.
293
Using the Dormant Account Case as a Separate Assignment or Take-Home Exam The tutorial for the dormant account case can be given to students to work through, like the tutorial for the terminated user case. However, instructors may consider giving the second case to their students without the instructions and screenshots, and treat as an assignment or a take-home exam. Students should be able to apply much of what was learned in the first case to the second case without using the dormant account tutorial. The tutorial can serve as a key for grading the technical parts of the assignment or exam. Appendix C provides an example of how the dormant account case has been used as a take-home exam after students first complete the terminated user case.
Student Perceptions of the Two-Part Case This two-part case has been successfully used at one university by two instructors in two sections of a graduate IT issues course and at a second university by an instructor in two sections of a graduate IT auditing course. Approximately 50 students have completed the case. The students had no prior knowledge or experience with ACL. Anecdotal feedback from students at both universities was positive and enthusiastic, including the pleasant surprise regarding the ease of generating and printing reports. An exit survey was completed by 29 students in the two sections of the graduate IT auditing course that completed the two-part case. Results show that the case objectives were perceived to be met. The students were first given the terminated user case as a tutorial
assignment with a week to complete. After completing and discussing the results of the terminated user case, students were given the dormant account case as an assignment without the
294
detailed instructions and screenshots. Students had a week to complete this part of the case, after which its results were discussed in class. After completing each respective part of the case and class discussion of results (including the ethical considerations of each part), students completed a survey about their perceptions as to whether the objectives of each particular part were achieved. Tables 2 and 3 summarize survey results after completing each respective part of the case. Answering on a scale of 1 (strongly disagree) to 5 (strongly agree), all mean responses are significantly greater than a neutral score of 3 (neither agree nor disagree) at a p-value < 0.0001. These results indicate that the students definitely perceived that all desired objectives were met by the two-part case. As an additional comment about survey results, mean responses to the dormant account case are generally greater than those for the terminated user case, especially the objectives of learning how to automate basic ACL activities through scripts (Question 3 in Tables 2 and 3); having even more confidence with performing CA/CM in the future (Question 4 in Tables 2 and 3); and better recognizing ethical issues raised by the particular part of the case (Question 5 in Tables 2 and 3). This indicates that the second part of the case provided significant
reinforcement and further insight above that provided by the first part of the case into using ACL to perform CA/CM for identifying and investigating the possibility of fraud and IT security breaches, as well as critically thinking and discussing ethical issues related to ACL, CA and CM. Besides answering questions about perceptions of meeting objectives, the 29 students also reported how much time was spent completing each part of the case. The mean number of hours spent completing the terminated user case was 3.38 hours, while the mean number of hours spent completing the dormant account case was 2.55 hours. The lower amount of time on the
295
dormant account case is likely due to the experience of completing the terminated user case (Please see Tables 2 and 3).
TEACHING NOTES Teaching notes are provided in Appendix D for helping instructors with suggestions of how to use the two-part case. The teaching notes provide a suggested method for class setup of the case and suggested practitioner articles and research studies for students to read about ACL, CA and CM. The notes also indicate how the cases delivery and execution can be modified for supplying on a flash drive for each student: 1) the ACL software that comes with an audit or AIS textbook, 2) the tutorial instructions and 3) Excel files. Providing these materials to students in this manner allows them to complete the case without the need of having access to a computer with ACL software preloaded. The flash drive approach also aids in turning in a backup of the ACL project.
296
REFERENCES American Institute of Certified Public Accountants (AICPA) and Canadian Institute of Chartered Accountants Study Group (CICA) 1999. Continuous Auditing. Toronto, Ontario: AICPA and CICA. Coderre, D. 2005. Global Technology Audit Guide Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment. Altamonte Springs, FL: Institute of Internal Auditors. Daigle, J. J., Daigle, R. J., & Lampe, J. C. 2008. Auditor ethics for continuous auditing and continuous monitoring. IS Audit & Control Journal, 3, 40-43. Ernst & Young 2009. Outpacing Change: Ernst & Youngs 12th Annual Global Information Security Survey: New York, NY: Ernst & Young. Institute of Management Accountants (IMA) 2009. Content Specification Overview. < http://www.imanet.org/PDFs/Public/CMA/CMA_2010_Content_Spec_Overview.pdf >. Accessed 12.5.2010. ISACA Standards Board 2002. Continuous auditing: Is it a fantasy or a reality? Information Systems Control Journal, 5, p 43-46. Hunton, J. E., Wright, A. M., & Wright, S. 2004. Continuous reporting and continuous assurance: Opportunities for behavioral accounting research. Journal of Emerging Technologies in Accounting, 1, 91-102. Information Technology Governance Institute (ITGI) 2007. Control Objectives for Information and Related Technology (COBIT) 4.1. Rolling Meadows, IL: ITGI. McCann, D. 2009. Internal audit: The continuous conundrum, CFO.com. <http://www.cfo.com/article.cfm/14440838>. Accessed 12.5.2010. PricewaterhouseCoopers (PwC) 2006. 2006 State of the Internal Audit Profession Study: Continuous Auditing Gains Momentum*: New York, NY: PwC. Warren Gorman & Lamont 2010. Practical IT Auditing. <http://checkpoint.riag.com/app/>. Accessed 12.5.2010. Wood, L. 2008. Continuous auditing: Tips from the front line. ITpolicycompliance.com <http://www.itpolicycompliance.com/what+s_new/thought_leader_articles/read.asp?ID=46>. Accessed 12.5.2010.
297
Table 1 Overview of Activities in Terminated User Case Activity 1) Students use Import command to create a table in ACL populated by all data from an Excel file of all employees (both active and terminated). Deliverable Printout of ACL table created
2) Students use Extract command to create a second table Printout of ACL table populated by records of terminated employees from first table created created. 3) Students use Import command to create a third table populated by data from a second Excel file of active directory users 4) Students use Join command to create a fourth table populated with data from the tables created in the second and third activities. The fourth table contains data of terminated employees who continue to have access to system resources. Students use Filter command on the table to further analyze the data. Students also create an html file of data contained in fourth table. 5) Students use Export command to create an Excel file populated by data from fourth table created Printout of ACL table created
Printout of html file created and memo addressed to the Security Administrator on analysis of data in table
Printout of both Excel file created and the transaction history of all activities performed within ACL
6) Students use Script command for automating the five previous activities so that the test can be run on a repetitive and recurring basis, thereby providing the ability to perform continuous auditing/monitoring 7) Consider and discuss the ethics of analyzing employee network activities.
Printout of ACL script created
Printout of memo
298
Table 2 Student Perceptions of Terminated User Case Meeting its Objectives Objective 1) Help understand the concept and application of CA/CM 2) Help learn how to perform basic ACL activities of: a) Importing data b) Extracting data c) Creating tables d) Joining tables to create a new table e) Filtering data in a table f) Exporting data 3) Help learn how to automate basic ACL activities through the creation of scripts 4) Gain confidence in the future application of developing computer automation procedures for performing CA/CM after completing the case 5) Help better recognize potential ethical issues with an organizations ability to analyze employee network activity
1
Mean Response1, 2 (Standard Deviation) 4.24 (0.74)
4.28 (0.65) 4.34 (0.67) 4.28 (0.65) 4.31 (0.54) 4.41 (0.73) 4.48 (0.63) 4.07 (0.88)
3.69 (0.76)
3.93 (0.88)
All responses are on a scale of 1 (strongly disagree) to 5 (strongly agree), with a neutral score of 3 (neither agree nor disagree)
2
All mean responses are significant from a neutral score of 3 at a p-value < 0.0001
299
Table 3 Student Perceptions of Dormant Account Case Meeting its Objectives Objective 1) Help better understand further the concept and application of CA/CM 2) Help learn further how to perform basic ACL activities of: a) Importing data b) Extracting data c) Creating tables d) Exporting data 3) Help learn further how to automate basic ACL activities through the creation of a script 4) Gain greater confidence in the future application of developing computer automation procedures for performing CA/CM after completing the second case 5) Help better recognize potential audit independence and impairment issues with sharing automated scripts within an organization
1
Mean Response1, 2 (Standard Deviation) 4.48 (0.63)
4.59 (0.63) 4.69 (0.47) 4.41 (0.63) 4.48 (0.63) 4.45 (0.69)
4.48 (0.57)
4.62 (0.62)
All responses were on a scale of 1 (strongly disagree) to 5 (strongly agree), with a neutral score of 3 (neither agree nor disagree)
2
All mean responses are significant from a neutral score of 3 at a p-value < 0.0001
300
Appendix A Using ACL Scripts to Teach Continuous Auditing/Monitoring: Terminated User Case Tremeg Corporation is a growing electronic components manufacturer that has recently been awarded a large multi-year defense contract. High among the many concerns and goals of company executives is improving security over network access to sensitive data. Students are to assume the role of an IT auditor/accountant with responsibility to determine the effectiveness of security controls. The case has the following objectives: 1. Help understand the concept and application of continuous auditing/continuous monitoring 2. Help learn how to perform basic ACL activities of: a. b. c. d. e. f. Importing data Extracting data Creating tables Joining tables to create a new table Filtering data in a table Exporting data
3. Help learn how to automate basic ACL activities through the creation of scripts 4. Gain confidence in the future application of developing computer automation procedures for performing continuous auditing/monitoring after completing the case 5. Help better recognize potential ethical issues with an organizations ability to analyze employee network activity
The case involves performing six primary activities to accumulate required data, and then make critical decisions and communicate the results in memo form: 1) Using the Import command to create a table in ACL populated by the data from an Excel file of all Tremeg employees, whether active or terminated. This file has been obtained from Tremegs human resource function. The file includes fields for: Employee Number First Name Last Name Date Terminated
301
2) Using the Extract command to populate a second table with data of terminated employees from the first table created. 3) Using the Import command to create a third table populated by all data from a second Excel file of active directory users at Tremeg. This file has been obtained from Tremegs security administration function. The file includes fields for: User ID First Name Last Name Disabled Last Login 4) Using the Join command to create a fourth table of data for analysis, which is based on data in the tables created in #2 and #3. The resulting table will include only matches where the Disabled field equals FALSE, which means a terminated user still has access to the network. Such matches are a clear violation of system security. Access should immediately be disabled for these users. The Filter command will then be used to identify those terminated users who have accessed their account after being terminated. 5) Using the Export command to create a back-up Excel file populated by the data of terminated users who still have network access. 6) Using the Script command to automate the performance of these activities automatically. Because it is a sound control to create the exception table on a repetitive basis (i.e., continuously, such as weekly or monthly), automation improves efficiency and effectiveness of the process at little marginal cost. You have been provided the two Excel files referred to in #1 and #3. On the desktop of the computer on which you will complete this assignment (ACL Version 9 should be installed on that computer), create a folder and name it ACL_Assignment. Place the two files in that folder. The step-by-step instructions, associated resulting screen captures, and seven deliverable requests on the following pages provide a guide for completing this case. Much of the instructions provide reasons and explanations for why a particular step is being performed. Carefully read the instructions to appreciate and understand the usefulness and value of each step of the case.
302
I. Importing the All_Employee Excel File into ACL 1. Double Click on the ACL Version 9 icon on your desktop to open the application.
2. Create a New Project by selecting from the toolbar File New Project from the toolbar.
303
3. Locate the ACL_Assignment folder on your desktop. Name your new project Network_Term_Users with the default file type of ACL and click .
4. Upon saving your new project, the Data Definition Wizard automatically appears on screen. The wizard helps define the format of data that you will import into ACL for analysis. Click .
304
5. The wizard screen asks you to specify the source of data. Because the data in this assignment is in a file on the desktop, the default option of Disk is the proper choice. Click .
6. The wizard requests that you select a file to define. Go to the ACL_Assignment folder on your desktop, select the file entitled All_Employees.xls and then click .
305
7. The wizard requests that you choose the type of character set of the data, with a default of ASCII. Click .
8. The wizard has identified the file format of the file you chose as Excel and requests that you confirm this. Click .
306
9. The wizard has identified that the file has three worksheets labeled Sheet1, Sheet2 and Sheet3, with a default of selecting Sheet1. All of the data in the file is located in Sheet1. The wizard has also defaulted to a field length of 50 maximum characters. Click .
10. Name the new data file All_Employees1 with the default data file type of .FIL and click .
307
11. The screen wizard shows the results of defining data from the file imported. After verifying that the data are those needed and in the correct format, click .
12. The wizard has created a table with the data from the Active Directory Users Excel file and suggests renaming it from Untitled to All_Employees1. Click .
308
13. The resulting screen shows the new table created, populated with all the active and terminated employees of Tremeg. Verify the order and format of the fields as specified by the Data Definition Wizard. The table should contain 167 records.
14. DELIVERABLE #1: Print the table by selecting Data Report from the toolbar. In the Header type Terminated User Case Deliverable # 1 your last name and ensure that file is selected on the Output tab. Click and then to print the report. Review your output, noting the Documentation and Transaction History of generating the table. Turn in your output to your instructor.
309
II. Extracting Data from the All_Employees1 Table 1. Select Data Extract Data from the toolbar.
2. The resulting screen allows you to begin creating a new table populated by extracted data of interest terminated Tremeg employees from the All_Employees1 table. Click .
310
3. The resulting screen allows you to create an extracting condition for users with a value in the Date_Terminated field within the All_Employees1 table. Under Functions to the far right of the screen, double-click on DATE( <date> ). DATE( <date> ) will appear in the Expression box at the top left of the screen.
4. Use your cursor to highlight <date> in the Expression box.
311
5. Double-click on the Date_Terminated field in the Available Fields box. Date_Terminated will replace <date> in the Expression box.
6. Place your cursor at the end of the expression DATE ( Date_Terminated ). Add a space and click on the button in the middle of the screen to add that symbol to the Expression. Space one time after the <> symbol and then add a pair of quotes with a space in between the quotes. The resulting expression from your editing is: DATE( Date_Terminated ) <> " " This expression will extract all of the non-blank items in the Date_Terminated field.
312
button located to the right of the Expression box to verify the 7. Click on the expression is valid. A pop-up message screen will ask you to confirm that the expression is valid. Click to continue.
8. Click
at the top right of the screen to return to the Extract screen. Note that the button.
expression created is contained in the textbox located to the right of the
313
9. Type Terminated_Employees in the textbox to the right of the button. This is the name of the new table that you are creating that contains data that you are extracting from the All_Employees1 table.
10. Click . The newly created Terminated_Employees table will appear on screen. The table should contain 60 records.
314
11. DELIVERABLE #2: Print the table by selecting Data Report from the toolbar. In the Header type Terminated User Case Deliverable # 2 your last name and ensure that file is selected on the Output tab. Click and then to print the report. Turn in your output to your instructor.
III. Importing the Active_Directory_Users Excel File into ACL 1. Select from the toolbar Data External Data Disk.
2. After automatically opening the folder you have been using the ACL_Assignment folder on your desktop ACL prompts you to select a file to define. Select the Active_Directory_Users Excel file and click .
315
3. Just as for the data in the All_Employees Excel file, the resulting wizard screen, as well as the next two screens, takes you through the process of defining the data and file from which it came and the worksheet location within the file. Click on this and following two screens.
4. The wizard requests that you save the new file with a .FIL extension in the default ACL_Assignment folder. Name the file Active_Directory_Users1 and click .
316
5. The screen wizard shows the results of defining data from the Active_Directory_Users Excel file in the table that you have created. After verifying that the data fields and format are correct, . click
6. Save the resulting table, with the name suggested by ACL, by clicking
317
7. The resulting screen shows the new table created, populated with all the network accounts of Tremeg. There should be 130 records in this table.
8. DELIVERABLE #3: Print the table by selecting Data Report. In the Header type Terminated User Case Deliverable # 3 your last name and ensure that file is selected on the Output tab. Click and then to print the report. Turn in your output to your instructor.
318
IV. Executing an ACL Join for Producing an Exception Report of Terminated Users Still Having Access to the Network 1. If not already open, open the Active_Directory_Users1 table within your project by doubleclicking on the table within the Project Navigator window. This table must be open because it is the primary table for creating a new table through the joining of the Active_Directory_Users1 and Terminated_Employees tables. From the toolbar select Data Join Tables.
319
2. The resulting Join screen allows you to design the new table for your exception report.
button on the left side of the screen to select fields from 3. Click the the Active_Directory_Users1 table. Click User_ID and move to the Selected Fields list by clicking . This can also be achieved by double-clicking on User_ID. After getting the resulting screen shown below, click to return to the Join screen.
320
4. Under Secondary Table on the right side of the Join screen, select Terminated_Employees from the dropdown menu.
5. Click the button that is located right below the dropdown menu. Click Employee_Number and move it to the Selected Fields list by clicking . After getting to return to the Join screen. the resulting screen shown below, click
321
6. Click the button that is located in the middle left of the screen, and move all fields to the Selected Fields list in this order: User_ID, First_Name, Last_Name, Last_Login and Disabled. This prepares the order and format of the exception report you are creating. It is important to use the order specified. After getting the to return to the Join screen. resulting screen shown below, click
7. Click the button that is located in the middle right of the screen, and move Date_Terminated to the Selected Fields list. After getting the resulting screen to return to the Join screen. shown below, click
322
8. On the Join screen, perform the following three steps: a) Check the box for Presort Secondary Table. b) Create an If statement to ensure that already disabled employees are not included in the report. In the box beside the button, type: Disabled = FALSE. FALSE in the disabled field means that the account is not disabled (it is still active). button, type Exceptions_TermEmpWithAccess (all one c) In the box beside the word with no blank spaces) as the name of the output file.
323
9. Click to create a table of terminated employees still having network access. The table should contain 30 records. In a real situation, you should turn over the tables contents to the Security Administrator so that access can be disabled immediately for those identified.
10. You now need to create a report of your findings. This report will be output to an HTML file that can be saved and reused. Select Data Report on the toolbar.
324
11. Type Terminated Employees with Network Access as the Header of your report.
tab to define output type. Select the option. Select HTML Text 12. Select the File from the drop-down next to File Type. Type Exceptions_TermEmpWithAccess in the text box next to the button. Click to save.
325
13. The new HTML file should be located in the ACL_Assignment folder on your desktop. Go to the folder and open the HTML file just created (do NOT exit out of ACL, minimize ACL instead). Print the report by selecting File Print and then .
14. DELIVERABLE #4: Return to ACL and create a filter for the data in the table that compares the date of termination with the last login for each employee record to determine if any employees have logged on after their termination date. Any such employees would be of greater concern to management than the others. To create a filter, click the filter icon at the top of the table. The Edit view filter screen will appear. In the Expression box, input an expression that you believe will determine if someone has logged in after their termination date and then click . To remove the filter and return to the full table, click .
Write a memo no longer than one page addressed to John Doe, Tremegs Security Administration Manager, explaining your concerns about the data in the report that was printed in step #13, as well as the results based on the filter performed. Concerns raised in the memo are to be based on potential risks to Tremeg. Turn in your memo and a printout of the full table using Data Report with an appropriate header that includes your name.
326
V. Exporting the Exception Report to an Excel File 1. This particular series of activities shows you another way of generating a report of your findings, this time by exporting data into an Excel file. If not already open, open the Exceptions_TermEmpWithAccess table. In order to convert the table just printed into an Excel file, select from the toolbar Data Export to Other Application.
2. Click the button on the left side of the Export screen. On the Selected Fields screen, move the following fields, in the given order, to the Selected Fields list: User_ID, First_Name, Last_Name, Date_Terminated and Last_Login. This defines the fields that will be included in the Excel file being created. After getting the resulting screen below, click to return to the Export screen.
327
3. Select Excel from the Export As dropdown menu.
4. In the box beside the button, type Exceptions_TermEmpWithAccess1 (no blank spaces) as the name of the export file.
328
5. Click exported file.
. The resulting screen shows a Transaction History of the creation of the
The new Excel file should be located in the ACL_Assignment folder on your desktop. Verify that the file exported correctly by opening the Excel file created (do NOT exit out of ACL, minimize ACL instead). Compare its contents to the HTML exception report previously printed to ensure accuracy. Some columns of the spreadsheet may not be wide enough to read its contents adjusting the column width will allow contents to be fully seen. If the ACL report from deliverable #4 has not been delivered to the Security Administrator, this report should be sent immediately so action can be taken as quickly as possible to disable these accounts. 6. DELIVERABLE #5: Insert a proper heading for the report (Terminated User Case Deliverable #5 report title your last name) and print the Excel file created. Return to ACL. Print the Transaction History shown on screen by selecting Print the report by selecting File Print and then . Turn in your output to your instructor.
VI. Write an ACL Script to Automate for Continuous Auditing/Monitoring Use 1. Close all Excel spreadsheets and any ACL tables that might be in BOLD in the Project Navigator (Note: do not close the Network_Term_Users.ACL project title). To close an emboldened (open) file, right click on the title and then click on Close Table. This may also be accomplished by making the file active (click on the file name) screen and select File Close. Also close the Results screen on the right side to return to the Welcome to ACL screen by button at the top right of the Results screen. clicking on the
329
2. Select from the toolbar File New Script.
3. A blank window will open on the right side of the screen, which will be used to write the script for automating the creation of the exception report from the two applicable tables and can be used as a continuous auditing/monitoring tool. Once created and saved, the script may be executed on a repetitive and recurring basis, such as monthly or weekly.
330
4. Two tabs,
and
, are located at the bottom left of the entire screen. Select the
tab. This will display command lines that were run during past sessions of this particular ACL project. Clicking on the symbol beside a given line provides more detail of the commands previously run. The content of your Project Navigator window may look slightly different than the one below, but if you have been successful with completing the assignment to this point, all important command lines for this portion of the assignment are in the detail.
5. From the toolbar select Window Show Command Line from the dialogue box.
331
6. The resulting screen displays a blank text box at the top of the Command Line window on the right side of the screen.
7. Click on the command line in the log that states the following: OPEN All_Employees1. This line will display in the Command Line text box. Immediately below the command line, New_Script should be bolded, indicating that the script is open for editing. If New_Script is not open on your screen, click on New_Script.
8. Highlight the text in the Command Line and right click to copy.
332
9. Paste the command line copied on the first line of the New_Script window.
10. Repeat steps 8 and 9 (copy and paste) for the 5 additional command lines that are shown below and can be found in the Project Navigator window: EXTRACT RECORD IF DATE( Date_Terminated ) <> " " TO "Terminated_Employees" OPEN OPEN Active_Directory_Users1 OPEN Terminated_Employees SECONDARY JOIN PKEY User_ID FIELDS User_ID First_Name Last_Name Last_Login Disabled SKEY Employee_Number WITH Date_Terminated IF Disabled = "FALSE" TO "Exceptions_TermEmpWithAccess" OPEN PRESORT SECSORT EXPORT FIELDS User_ID First_Name Last_Name Date_Terminated Last_Login EXCEL TO "Exceptions_TermEmpWithAccess1"
11. Click the button displayed at the far right of the Command Line in the New Script window to close the new script you are creating.
333
12. You will be asked whether you want to save changes to your script. Click
13. Click the tab at the bottom left of the screen, right click on New_Script in the Project Navigator window and select Run. You are prompted as to whether you want to overwrite a file that you had created when previously executing the Join. This is the first of five such screens asking whether you want to overwrite a file. Select each time. After answering to all the pop-up questions, the resulting screen should appear as follows.
14. Verify that the output file exported correctly by going to your ACL_Assignment folder and opening the Exceptions_TermEmpWithAccess1 Excel file. Compare its contents to the exception report and Excel file previously printed in this assignment.
15. A more appropriate name should be given to New_Script in the Project Navigator window. Right click on New_Script, select Rename and rename it Script_Except_TermEmpWithAccess.
334
Additional Command Lines for Further Efficiency of the Script The script can be edited further to improve its efficiency. Close all Excel spreadsheets and ACL tables that are open. Double click on the icon to the left of your script in the Project Navigator window to reopen it. The script can be edited in the editing window to the right.
16. To prevent the display of popup screens requesting whether the user would like to overwrite files previously created, type the first line below at the very beginning of the script and the second line below at the very end of the script. SET SAFETY OFF SET SAFETY ON
These lines may be useful if the script is to be run by another individual and you do not want that individual confused by the popup screens.
17. To further automate your work for repetitious or continuous use, enter the following two generic lines as the second and third lines within your script. These will automatically import the All_Employees and Active_Directory_Users Excel files before executing the extraction, join and export processes. IMPORT DISK SOURCE "Excel Files" TABLE "Sheet1$" QUALIFIER "C:\Documents and Settings\Desktop\ACL_Assignment\All_Employees.xls" TO "C:\Documents and Settings\Desktop\ACL_Assignment\All_Employees1.FIL" WIDTH 50 MAXIMUM 100 FIELDS "Employee Number","First Name","Last Name","Date Terminated" IMPORT DISK SOURCE "Excel Files" TABLE "Sheet1$" QUALIFIER "C:\Documents and Settings\Desktop\ACL_Assignment\Active_Directory_Users.xls" TO "C:\Documents and Settings\Desktop\ACL_Assignment\Active_Directory_Users1.FIL" WIDTH 50 MAXIMUM 100 FIELDS "User ID","First Name","Last Name","Disabled","Last Login" Please note emphasis on the word generic in the instructions preceding the two import commands. You will have to modify the bolded portions in the commands, based on substituting the exact location of these files for completing the assignment.
335
To ensure that you have the proper address in each instance noted in the generic script, open up the ACL_Assignment folder on your desktop (see example below). The address shown in the address line on your computer should be used in place of the bolded text in the generic script.
Consideration of Change Control 18. The development of ACL scripts should adhere to change control procedures. Key information about the script should be entered into the script to ensure all changes are properly documented. The command COMMENT helps facilitate this. Entering COMMENT in front of a line of information line causes ACL to ignore that line when running the script. Entering COMMENT, pressing return and then entering one or more lines of information until there is either a blank line or the command END will cause ACL to ignore all information lines. The following is an example of how multiple lines of information, placed at the beginning of a script, can be added and ignored by ACL: COMMENT ****************************************************** Name of Script: Script_Except_TermEmpWithAccess Script Creator: Your Name Date Script Created: Current Date Change Control Log (Date, Change Made, User altering the script) ****************************************************** END
336
Pop-Up Conclusion Message 19. Enter the following generic phrase as the last line of the script so that the message in quotes pops-up to alert the user that the running of the script is complete, as well as the location of the exported results: PAUSE "The script is complete. See C:\Documents and Settings\Desktop\ACL_Assignment for the exception report." Here is an example of the pop-up message noting that the script has been run and the location of the exported exception report.
The following screen shot shows inclusion of all the edits suggested for improving your script.
After making these edits, close the script and re-run to make sure that your script runs properly.
19. DELIVERABLE #6: Reopen your script after successfully re-running it for the edits made. Print out your script by selecting File Print and then instructor. 337 . Turn in your output to your
20. DELIVERABLE #7: Part IV of this assignment requires the identification of terminated users who continue to have login access, as well as a memo to Tremegs Security Administration Manager that identifies terminated users who have logged in after being terminated. Assume that after providing your memo (see deliverable #4), you are requested to analyze account activity of the terminated users identified, for the month before termination and all subsequent time after the date of termination. The requested analysis is to include, but not be limited to, such activities as: playing computer games; personal use of the Internet (especially the viewing of inappropriate websites; online shopping; social networking; downloading of videos and music, etc.); and downloading critical and sensitive company data. Write a memo no longer than one page addressed to John Doe, Tremegs Security Administration Manager, which discusses the ethics of performing such an analysis. Your memo should include discussion of what types of user activity analyses by a business organization are likely appropriate (ethical), what types are likely inappropriate (unethical) and reasoning why.
21. BACK-UP OF ASSIGNMENT: Along with the seven deliverables of this assignment, turn in a backup of your ACL_Assignment folder to your instructor. This can be done on a flash drive.
CONGRATULATIONS! You have successfully finished the introductory ACL assignment for performing continuous auditing/monitoring.
338
Appendix B Further Use of ACL Scripts to Teach Continuous Auditing/Monitoring: Dormant Account Case Consistent with the first assignment, students assume the role of an IT auditor/accountant employed by Tremeg Corporation (TC). This second assignment has five objectives: 6. Help better understand further the concept and application of continuous auditing/continuous monitoring 7. Help learn further how to perform basic ACL activities of: e. Importing data f. Extracting data g. Creating tables h. Exporting data 8. Help learn further how to automate basic ACL activities through the creation of a script 9. Gain greater confidence in the future application of developing computer automation procedures for performing continuous auditing/continuous monitoring after completing the second part of the case 10. Help better recognize potential audit independence and impairment issues with sharing automated scripts within an organization Like the first assignment, automation allows the ability to audit/monitor continuously or repetitively on a regular basis (such as monthly or weekly) with little marginal cost incurred and possibly share the script with others in Tremeg. This case involves performing five primary activities: 1) Using the Import command to create a table containing all data from an Excel file of active directory users at Tremeg. This file has been obtained from Tremegs security administration function. The file includes fields for: User ID First Name Last Name Disabled Last Login
339
2) Using the Extract command to create a table of certain data based on data from the first table, listing only those active directory users that have not logged-on to the network in the last 90 days. Some employees listed in the table may no longer be employed by Tremeg, thereby requiring their access be disabled immediately. Others may be active employees but management may decide it is better to not give them access since the employees rarely use their account. 3) Using the Export command to create a back-up Excel file populated by data from the table created in the second activity. 4) Using the Script command to automate the three prior activities. The script can be run on a repetitive basis as desired. 5) IT auditors, accountants and managers have a professional oath of loyalty to their employers and the goal of providing management with the information that will best help achieve the long-run goals and mission of the organization. This oath could indicate to some that the sharing of scripts between internal auditors, accountants, and managers is appropriate for ensuring continuous auditing and continuous monitoring are performed properly. However, potential problems exist when continuous auditing/continuous monitoring scripts are shared within an organization. Consider the following questions: If an internal auditor creates a successful continuous auditing script, should it be shared with other departments or operating divisions? After a management accountant develops a successful continuous monitoring script, does a problem exist if it is shared with other departments or operating divisions?
Write a memo no longer than one page, assuming the role of an IT auditor with TC, which is addressed to the Audit Committee of TC expressing your concerns about the sharing of scripts within an organization. You have been provided the Excel file referred to in #1. On the desktop of the computer on which you will complete this assignment (ACL Version 9 should be installed on that computer), create a folder and name it ACL_Assignment_2. Place the file in that folder. The step-by-step instructions, associated resulting screen captures, and details for the first three deliverable requests on the following pages provide a guide for completing the technical aspects of this case.
340
I. Importing the Active_Directory_Users Excel File into ACL 1. Double Click on the ACL Version 9 icon on your desktop to open the application.
2. Create a New Project by selecting from the toolbar File New Project from the toolbar.
341
3. Locate the ACL_Assignment_2 folder on your desktop. Name your new project DormantUserAccounts with the default file type of ACL and click .
4. Upon saving your new project, the Data Definition Wizard automatically appears on screen. The wizard helps define the format of data that you will import into ACL for analysis. Click .
342
5. The wizard screen asks you to specify the source of data. Because the data in this assignment is in a file on the desktop, the default option of Disk is the proper choice. Click .
6. The wizard requests that you select a file to define. Go to the ACL_Assignment_2 folder on your desktop, select the file entitled Active_Directory_Users1 and then click .
343
7. The wizard requests that you choose the type of character set of the data, with a default of ASCII. Click .
8. The wizard has identified the file format of the file you chose as Excel and requests that you confirm this. Click .
344
9. The wizard has identified that the file has three worksheets labeled Sheet1, Sheet2 and Sheet3, with a default of selecting Sheet1. All of the data in the file is located in Sheet1. The wizard has also defaulted to a field length of 50 maximum characters. Click .
10. Name the new data file as Active_Directory_Users with the default data file type of .FIL and click .
345
11. The screen wizard shows the results of defining data from the file imported. After verifying that the data are those needed and in the correct format, click .
12. The wizard has created a table with the data from the Active Directory Users Excel file and suggests renaming it from Untitled to Active_Directory_Users. Click .
346
13. The resulting screen shows the new table created, populated with all the network accounts of TC. There should be 130 records in this table.
14. DELIVERABLE #1: Print the table by selecting Data Report from the toolbar. In the Header type Dormant Account Case Deliverable # 1 your last name and ensure that file is selected on the Output tab. Click your output to your instructor. and then to print the report. Turn in
347
II. Extracting Data from the Active_Directory_Users Table 1. Select Data Extract Data from the toolbar.
2. The resulting screen allows you to begin creating a new table populated by extracted data of interest active directory users with dormant accounts from the Active_Directory_Users table. Click .
348
3. The resulting Extract: If screen allows you to create an extracting condition for users whose accounts have not been accessed in the last 90 days. Double-click the Age function from the list of functions shown in to the right. This will display the syntax for the Age function in the Expression box at the top left. Highlight the word date in the Expression box.
4. Double-click on the Last_Login field in the Available Fields box to replace date in the Expression box.
349
5. Note how the syntax for the function between the parentheses is within brackets (< >). ACL uses these brackets to indicate that this syntax is optional when using this function. The brackets, as well as some of the syntax within, are unnecessary for performing this aging. Edit the function so that only Last_Login is shown between the parentheses.
6. The current syntax will return the number of days since a user logged into the system. However, the number of active users whose last day of logging in exceeds 90 days is of interest. With the cursor located at the end of the function, click on the pop-up screen and then enter 90. button in the middle of the
350
7. Click on the button located to the right of the Expression box to verify the expression is valid. A pop-up message screen will ask you to confirm that the expression is valid. Click to continue.
8. The expression as currently written would display in the exception report all enabled (active) and disabled accounts with last login dates exceeding 90 days. To ensure that disabled accounts button and enter Disabled = FALSE. are not listed as exceptions, click on the
351
9. Click Click the
again to make sure the expression is valid. Click
to continue. button.
button located at the top right of the screen to return to the Extract screen.
Note the function created is contained in the textbook next to the
10. Type Act_Dir_Users_DormantAccounts in the box next to the name the table that will list all exceptions.
button to
352
11. Click . The newly created Act_Dir_Users_DormantAccounts table will appear on screen. There should be 36 records. Review the data to make sure that only enabled user accounts (a FALSE value under the Disabled column) that have not logged in within the last 90 days are shown in this table.
12. To check the accuracy of the extracted data, double-click on the Active_Directory_Users table under the Project Navigator window. From the toolbar, select Analyze Age.
353
13. The resulting pop-up screen should show Last Logon identified as the field under the button at the top left of the screen. The cutoff date is identified as the current date.
14. Click . The resulting screen shows an aging of accounts by last login. Note that there are 39 accounts over 90 days old since last login (26 are between 90-119 days, 13 are greater than 120 days).
354
15. Click on the 120-10,000 category to show a detail of the 13 accounts. Note that three of the accounts have values of TRUE under the Disabled column, therefore indicating that 10 enabled accounts have been inactive for this period of time.
16. DELIVERABLE #2: Print the results of the aging showing the 13 accounts with a date of the login greater than 120 days old by selecting Data Report from the toolbar In the Header type Dormant Account Case Deliverable # 2, Part 1 your last name and ensure that file is selected on the Output tab. Click and then to print the report.
After printing, close the table by right clicking on the Active_Directory_Users table in the Project Navigation window and selecting Close Table. Then close the summary aging results screen on the right by clicking the button at the top of that particular screen (do NOT exit out of ACL). Re-open the Act_Dir_Users_DormantAccounts table by double-clicking on the table in the Project Navigation window. Print its contents showing the 36 active accounts with a date of last login greater than 90 days old by selecting Data Report from the toolbar In the Header type Dormant Account Case Deliverable # 2, Part 2 your last name and ensure that file is selected on the Output tab. Click your output to your instructor. and then to print the report. Turn in
355
III. Exporting the Exception Report to an Excel File 1. With the Act_Dir_Users_DormantAccounts table still open, select Data Export to Other Application from the toolbar to begin the process of exporting the data to an Excel file.
button on the left side of the Export screen. On 2. Click the the Selected Fields screen, move the following fields, in the given order, to the Selected Fields list: User_ID, First_Name, Last_Name, and Last_Login. This defines the fields that will be included in the Excel file being created. After getting the resulting screen below, click to return to the Export screen.
356
3. Select Excel from the Export As dropdown menu.
4. In the box beside the button, type Act_Dir_Users_DormantAccounts (no blank spaces) as the name of the export file.
357
5. Click exported file.
. The resulting screen shows a Transaction History of the creation of the
The new Excel file should be located in the ACL_Assignment_2 folder on your desktop. Verify that the file exported correctly and contains only 36 records by opening the Excel file created (do NOT exit out of ACL, minimize ACL instead). Compare its contents to the report previously printed to ensure accuracy. Some columns of the spreadsheet may not be wide enough to read its contents adjusting the column width will allow contents to be fully seen. In a real world situation, the contents of this report should be given to the Security Administrator for investigation as to why active users have inactive accounts. One possible explanation is that some employees on the list are no longer employed. Their access should be disabled immediately. Another possible explanation is that some employees, such as in production, access the network on a very infrequent basis. These employees may not require access to perform their duties. If deemed unnecessary, access should be disabled. If not disabled, it is still good to monitor and note long periods of inactive network use by such employees. 6. DELIVERABLE #3: Insert a proper heading for the report (Dormant Account Case Deliverable # 3 report title date your name) and print the Excel file created. Return to ACL. Print the Transaction History shown on screen by selecting File Print and then . Turn in your output to your instructor.
VI. Write an ACL Script to Automate for Continuous Auditing/Monitoring Use 1. Close all Excel spreadsheets and any ACL tables that might be in BOLD in the Project Navigator (Note: do not close the Network_Term_Users.ACL project title). Also close the Results screen on the right side to return to the Welcome to ACL screen by clicking on the button at the top right of the Results screen.
358
2. Select from the toolbar File New Script.
3. A blank window will open on the right side of the screen, which will be used to write the script for automating the creation of the exception report and can be used as a continuous auditing/monitoring tool. Once created and saved, the script may be executed on a repetitive and recurring basis, such as monthly or weekly.
359
4. Two tabs,
and
, are located at the bottom left of the entire screen. Select the
tab. This will display command lines that were run during past sessions of this particular symbol beside a given line provides more detail of the ACL project. Clicking on the commands previously run. The content of your Project Navigator window may look slightly different than the one below, but if you have been successful with completing the assignment to this point, all important command lines for this portion of the assignment are in the detail.
5. From the toolbar select Window Show Command Line from the dialogue box.
360
6. The resulting screen displays a blank text box at the top of the Command Line window on the right side of the screen.
7. Click on the command line in the log that states the following: OPEN Active_Directory_Users. This line will display in the Command Line text box. Immediately below the command line, New_Script should be bolded, indicating that the script is open for editing. If New_Script is not open on your screen, click on New_Script.
8. Highlight the text in the Command Line and right click to copy.
361
9. Paste the command line copied on the first line of the New_Script window.
10. Repeat steps 8 and 9 for the following four command lines: EXTRACT RECORD IF AGE( Last_Login ) > 90 AND Disabled = "FALSE" TO "Act_Dir_Users_DormantAccounts" CLOSE OPEN Act_Dir_Users_DormantAccounts EXPORT FIELDS User_ID First_Name Last_Name Last_Login EXCEL TO "Active_Directory_Users_DormantAccounts"
11. Click the button displayed at the far right of the Command Line in the New Script window to close the new script you are creating.
12. You will be asked whether you want to save changes to your script. Click
362
13. Click the tab at the bottom left of the screen, right click on New_Script in the Project Navigator window and select Run. You are prompted as to whether you want to overwrite a file that you had created previously. This is the first of three such screens asking each time. After answering whether you want to overwrite a file. Select to all the pop-up questions, the resulting screen should appear as follows. There should be 36 records in the table.
14. Verify that the output file exported correctly by going to your ACL_Assignment_2 folder on your desktop and opening the Act_Dir_Users_DormantAccounts Excel file. Compare its contents to the exception report and Excel file previously printed in this assignment. 15. A more appropriate name should be given to New_Script in the Project Navigator window. Right click on New_Script, select Rename and rename it Script_Except_DormantAccounts. Additional Command Lines for Further Efficiency of the Script As noted in the terminated user assignment, a script can be edited further to improve its efficiency. Close all Excel spreadsheets and ACL tables that are open. Double click on the icon to the left of your script in the Project Navigator window to reopen it. The script can be edited in the editing window to the right.
363
16. To prevent the display of popup screens requesting whether the user would like to overwrite files previously created, type the first line below at the very beginning of the script and the second line below at the very end of the script. SET SAFETY OFF SET SAFETY ON
These lines may be useful if the script is to be run by another individual and you do not want that individual confused by the popup screens. 17. To further automate your work for repetitious or continuous use, enter the following generic import statement as the second line within your script. This will automatically import the Active_Directory_Users1 Excel file before executing the extraction and export processes. IMPORT DISK SOURCE "Excel Files" TABLE "Sheet1$" QUALIFIER "C:\Documents and Settings\Desktop\ACL_Assignment_2\Active_Directory_Users1.xls" TO "C:\Documents and Settings\Desktop\ACL_Assignment_2\Active_Directory_Users.FIL" WIDTH 50 MAXIMUM 100 FIELDS "User ID","First Name","Last Name","Disabled","Last Login" Please note emphasis on the word generic in the instructions preceding the import command. You will have to modify the bolded portions in the command, based on substituting the exact location of these files for completing the assignment. To ensure that you have the proper address in each instance noted in the generic script, open up the ACL_Assignment_2 folder on your desktop (see example below). The address shown in the address line on your computer should be used in place of the bolded text in the generic script.
364
Consideration of Change Control 18. The development of ACL scripts should adhere to change control procedures. Key information about the script should be entered into the script to ensure all changes are properly documented. The command COMMENT helps facilitate this. Entering COMMENT in front of a line of information line causes ACL to ignore that line when running the script. To cause ACL to ignore multiple information lines grouped together, enter COMMENT, press the return key and then enter multiple lines of information until there is either a blank line or the command END. The following is an example of how multiple lines of information, placed at the beginning of a script, can be added and ignored by ACL: COMMENT ****************************************************** Name of Script: Script_Except_DormantAccounts Script Creator: Your Name Date Script Created: Current Date Change Control Log (Date, Change Made, User altering the script) ****************************************************** END Pop-Up Conclusion Message 19. Enter the following generic phrase as the last line of the script so that the message in quotes pops-up to alert the user that the running of the script is complete, as well as the location of the exported results: PAUSE "The script is complete. See C:\Documents and Settings\Desktop\ACL_Assignment_2 for the exception report." Here is an example of the pop-up message created through the script.
365
The following screen shot shows inclusion of all the edits suggested for improving your script.
After making all of these edits, save the script and re-run to make sure that it runs properly. 19. DELIVERABLE #4: Reopen your script after successfully re-running for the edits made. Print the script by selecting File Print and then instructor. . Turn in your output to your
20. DELIVERABLE #5: IT auditors, accountants and managers have a professional oath of loyalty to their employers and the goal of providing management with the information that will best help achieve the long-run goals and mission of the organization. This oath could indicate to some that the sharing of scripts between internal auditors, accountants, and managers is appropriate for ensuring continuous auditing and continuous monitoring are performed properly. However, potential problems exist when continuous auditing/continuous monitoring scripts are shared within an organization. Consider the following questions: If an internal auditor creates a successful continuous auditing script, should it be shared with other departments or operating divisions? After a management accountant develops a successful continuous monitoring script, does a problem exist if it is shared with other departments or operating divisions?
Write a memo no longer than one page, assuming the role of an IT auditor with TC, which is addressed to the Audit Committee of TC expressing your concerns about the sharing of scripts within an organization.
21. BACK-UP OF ASSIGNMENT: Along with the four deliverables, turn in a backup of your ACL_Assignment_2 folder to your instructor. This can be done on a flash drive.
366
To Turn in for Grading: a. ACL printout of report identifying dormant users. b. ACL log of all activities in the script. c. Excel file printout of dormant users. d. Memo to the Board of Directors e. Backup copy of the assignment
CONGRATULATIONS! You have successfully finished this second ACL assignment for performing CA/CM.
367
Appendix C Take-Home Exam Tremeg Dormant Account Case in ACL Notes: 1. Work the exam on your own. Consult any written, website, and/or help materials that have been made available during the semester. It will likely be helpful to review the Part I terminated user case assignment in ACL. Under no circumstances are you to confer with any other class members or any other person or persons. Please sign the pledge below and return this cover sheet with the remainder of your final exam. 2. Since this is an exam, the instructor will not answer any questions pertaining to either Part of the Tremeg case study.
The Excel data file for this second ACL case is available via Blackboard.
Pledge: I pledge that the work on this final exam has been entirely my own. I have not contacted or conferred with any other person or persons in arriving at my solutions. Signed, _______________________________
368
Take-Home Exam Tremeg Dormant Account Case in ACL Overview: This take-home exam is an extension of the Tremeg Part I terminated user case. In that tutorial assignment you discovered that some employees who had been terminated from Tremeg continue to have access to network resources. An ACL script was written to be run on a regular basis, such as weekly or monthly, to determine if recently terminated employees have access to the network, as well as whether access has been made. Now Management wishes you to further investigate IT security issues by using ACL to discover dormant users i.e., users who have not been disabled from access (are still active) but have not accessed the computer in over 90 days. Some of those identified as dormant users may be terminated employees who have not been duly noted as such by the human resource function, therefore continuing to provide terminated employees the opportunity to inappropriately access the network. Others identified as having dormant accounts may be employees in areas such as production or maintenance who do not regularly use the network. It may be decided by management that control is improved if such employees do not have access. In both situations, network access should immediately be disabled for these individuals by the network administrator. As done in the previous assignment, after you have successfully identified the dormant users in an interactive mode with ACL, you should develop a script that will be run as often as desired by other accountants in Tremeg who are less knowledgeable about ACL.
Objectives: This second part of the case has the following objectives: 11. Help better understand further the concept and application of continuous auditing/continuous monitoring 12. Help learn further how to perform basic ACL activities of: i. Importing data j. Extracting data from a table k. Creating tables l. Exporting data 13. Help learn further how to automate basic ACL activities through the creation of a script
369
14. Gain greater confidence in the future application of developing computer automation procedures for performing continuous auditing/continuous monitoring after completing the second case 15. Help better recognize potential audit independence and impairment issues with sharing automated scripts within an organization
Requirements: A list of needed procedures in ACL follows: 1. 2. 3. Create a new project and name it Dormant Users Exam. Import the Excel file Active Directory Users that has been provided. Extract the records of dormant users via the AGE function (use ACL Help on use of the AGE function, if needed, and use January 21, 2010 as the current date). Print the results. Export the results to an Excel file.
4. 5.
After verifying results: 6. Create a script, including the import and export, for continuous auditing/monitoring purposes. Run the script to verify that it works. Analyze the results. Backup all your files.
7. 8. 9.
To Turn in for Grading: a. b. c. d. ACL printout of report identifying dormant users. ACL log of all activities in the script. Excel file printout of dormant users. IT auditors, accountants and managers have a professional oath of loyalty to their employers and the goal of providing management with the information that will best help achieve the long-run goals and mission of the organization. This oath
370
could indicate to some that the sharing of scripts between internal auditors, accountants, and managers is appropriate for ensuring continuous auditing and continuous monitoring are both performed properly throughout the organization. However, potential problems exist when continuous auditing/continuous monitoring scripts are shared within an organization. Consider the following questions: If an internal auditor creates a successful continuous auditing script, should it be shared with other departments or operating divisions? After a management accountant develops a successful continuous monitoring script, does a problem exist if it is shared with other departments or operating divisions?
Write a memo no longer than one page, assuming the role of an IT auditor with Tremeg, which is addressed to Tremegs Audit Committee expressing your concerns about the sharing of scripts within an organization.
371
Appendix D Teaching Notes for ACL Case Teaching Continuous Auditing/Monitoring The two-part Tremeg Corporation (TC) case on using ACL scripts to teach continuous auditing/monitoring (CA/CM) has been successfully used in multiple sections of graduate IT audit courses at two universities for students with no prior knowledge or experience with ACL. While based on ACL Version 9, the case can be done in Version 8 or the Educational version with little variation in screenshots. The following notes are not implied as requirements for successful case usage, but are factors that have been well received by students. Notes on the ethical and human resource related questions are considered an equally important part of the holistic case. Notes on specific responses to the ethics related questions are not included in order not to imply that a single correct response is available. Contact the authors if a few alternative responses are desired.
Preparation We suggest having students read some material that provides a brief overview of ACL. There are several audit and AIS texts that have five to ten page discussions on ACL. Any one of these may be used, or students may browse the ACL Help facility within the software and/or the ACL.com website. An online tutorial is available via the ACL website, but students do not need to complete the tutorial in order to finish the Tremeg case. With respect to the topics of CA and CM, a number of articles and resources, both practice and academic, can provide a good overview of defining and explaining CA and CM. A sample of some practitioner articles and research studies are included at the end of these teaching notes.
372
Class Setup It is suggested to have one class period on ACL concurrent with the distribution of the terminated user case tutorial. We suggest that this class consist of a short presentation of ACL terminology and commands followed by an emphasis on demonstrations of ACL applications. The first module of the ACL online tutorial covers data concepts and how data are stored and used by ACL if the instructor chooses to assign it prior to students starting the Tremeg case. If students do not have an ACL guide or workbook, a handout of the terminology and commands can be gleaned and excerpted from materials at ACL.org. The presentation should include an overview of how ACL works. The overview can mention that ACL involves taking client data (such as from an Excel file) and importing into the software via specific commands. The imported data can then be manipulated, sorted, organized and/or placed into new tables (both within and outside of ACL) as a view for the purpose of further study and analysis. Students are likely to be most impressed if an external practitioner experienced in ACL uses most of the class period to demonstrate real world applications using live data. Alternatively, the instructor may demonstrate materials available from ACL training courses.
Terminated User Case Execution by Students Nearly all students successfully complete the terminated user case with few problems when the detailed screen capture instructions are made available. The area where students are most likely to have some technical ACL problems is with the last activity, creating the script. This may be due to typographical errors when performing this and earlier activities, thereby creating differences in the log which is used to create the script. Comments about each of the six portions of activities have been presented in the paper for which these teaching notes
373
accompany. It is suggested that students be warned that they should pay careful attention to all instructions, such as the steps for creating the script, so that students not only perform the assignment successfully but also gain an appreciation for the capabilities of ACL, such as the joining of tables and the automation of scripts. A sample memo to accompany the fourth deliverable requested in the terminated user case is included with these notes. Note that the memo refers to the employee, Debra Phillips. Per the report output generated and the filter ran for this deliverable, this terminated employee has subsequently accessed her account at Tremeg after her date of termination. Upon completion of the case, a discussion of the case as to the usefulness for performing CA/CM should be beneficial to students who will be expected to also complete the second part of the case. The class can discuss the usefulness of scripts for detecting and investigating the potential for fraud (such as the IT security breach in the case); what types of situations would scripts be useful to audit and monitor; how often the script should be run; and the need to structure the files used so that copies of each would be maintained and not written over upon each running of the script. When the script is rerun, students should be made aware that the files should be moved to a secure place and renamed, such as by the date on which they were run. Discussion of the privacy matters from the seventh deliverable is likely to be very lively, meaningful and thought provoking.
Dormant Account User Case Execution by Students After completing the terminated user case, instructors may want to continue teaching the use of ACL for performing CA/CM to detect further potential issues of fraud. The second part of Tremeg is a dormant account case that may be assigned as a second tutorial or as an assignment
374
or take-home exam without the detailed instructions and screenshots while only providing the students with the deliverable requests. An example take-home exam is in Appendix C. In a graduate IT issues class in which this two-part case was pilot tested, the second part of the case was given as a take-home exam. In another graduate IT audit class at another university, the second part was given as a follow-up assignment without the detailed instructions and screenshots. Just as in the terminated user case, follow-up discussion of the issues regarding the sharing of scripts within an organization, especially by auditors, is also likely to be very lively, meaningful and thought provoking. One matter to note about the dormant account case is that the last login dates in the Excel file must be updated periodically to more recent dates when using the case from one semester to the next. This is because the identification of dormant accounts is based on comparing the last login dates to the current date on the computer. The sample take-home exam takes this into account by showing a current date to use when running ACL. To make the test more realistic and current, the data in the file should be updated periodically.
Weight in Course We have used this case in graduate courses at two universities. The case was first pilottested in a graduate IT issues course. The first part of the case constituted one tenth of the total points allocated to case assignments in the course. The second part of the case was then given as a take-home exam without the instructions and screenshots, constituting one sixth of the total points allocated to exams in the course. The case was used again in an IT audit course at another university, with each part representing an assignment in the course. No instructions or
375
screenshots were provided for the dormant account case. Each part constituted approximately one tenth of the total points allocated to case assignments in the course.
Student Feedback This two-part case has been used by two instructors in two sections of a graduate IT issues course at one university and then used again by an instructor in two sections of a graduate IT audit course at a second university. Approximately 50 students have completed the case, with students having no prior experience or knowledge of ACL. Anecdotal responses from students were exceptionally positive for both parts of the case. Student feedback included comments that the case is well-balanced in providing an understanding of several key aspects of ACL without being overly difficult. Positive comments were also provided that the case was meaningful, helpful, and at an appropriate level as a first exercise in ACL. Students were pleasantly surprised with the ease of generating and printing reports. Two students in the graduate IT issues course, one an internal auditor and the other an external auditor, appreciated the case such that they have subsequently taken additional training to become ACL specialists in their respective organizations. Survey responses were collected from students in the two sections of the IT audit course at another university that used the cased. Responses are reported and discussed in the paper for which these teaching notes accompany. Responses show that students significantly perceived that the case met all its desired objectives. Responses also indicate that the second part of the case provided significant reinforcement and further insight into the use of ACL to perform CA/CM for identifying the possibility of fraud and IT security breaches, as well as critically thinking and discussing ethical issues related to ACL, CA and CM. Similar to the some students
376
in the IT issues course, some students in the IT audit course sought additional information on ACL and careers in IT and investigative auditing.
Other Items to Consider If an IT oriented course also contains coverage of CobiT, the CA/CM procedures and results may be further discussed in terms of the Delivery and Support control objectives DS5.2 Identification, Authentication and Access, and DS5.4 User Account Management. Instructors may also choose to modify certain portions of the assignment to fit their needs. For example, the instructor that used this assignment in a graduate IT audit class modified the instructions so that each part of the case is performed on a flash drive, as opposed to the desktop of the students computer. In this scenario, the instructor loads onto individual flash drives: 1) Appendix A - the tutorial for the first part of the case, 2) associated Excel files, and 3) a copy of the ACL software that accompanies the course textbook. Having students complete the case on a flash drive does not require the ACL software to be loaded directly on a stand-alone or networked computer, thereby allowing students to complete the tutorial on any given computer. Providing a flash drive also provides easier convenient means of turning in a copy of the entire tutorial completed.
377
Examples of Suggested Practitioner Articles and Research Studies for Introducing the Topics of CA and CM Coderre, D. 2005. Global Technology Audit Guide Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment. Altamonte Springs, FL: Institute of Internal Auditors. Daigle, J. J., Daigle, R. J., & Lampe, J. C. 2008. Auditor ethics for continuous auditing and continuous monitoring. IS Audit & Control Journal, 3, 40-43. ISACA Standards Board 2002. Continuous auditing: Is it a fantasy or a reality? Information Systems Control Journal, 5, p 43-46. Kneer, D.C. 2003. Continuous assurance: We are way overdue. Information Systems Control Journal (1): 30-34. McCann, D. 2009. Internal audit: The continuous conundrum, CFO.com. <http://www.cfo.com/article.cfm/14440838>. Accessed 12.5.2010. Nehmer, R. 2003. Continuous audits: Taking the plunge. Information Systems Control Journal (1): 35-36. Sarva, S. 2006. Continuous auditing through leveraging technology. Information Systems Control Journal (2): 47-50. Vasarhelyi, M. A. 2002. Concepts in continuous assurance. Researching Accounting as an Information Systems Discipline, edited by V. Arnold and S. Sutton. Sarasota, FL: American Accounting Association. Vasarhelyi, M. A., Alles, M. G., & Kogan, A. 2004. Principles of analytic monitoring for continuous assurance. Journal of Emerging Technologies in Accounting (1): 1-21.
378
Sample Memo for the Fourth Deliverable in the Terminated User Case To: John Doe, Manager Security Administration Tremeg Corporation
From: Brilliant New Hire Accounting Tremeg Corporation During the process of continuously monitoring computer activity by terminated employees, we have discovered employees who have been terminated from Tremeg Corporation, but still have computer access to IT resources. During the most recent monthly run, (see report attached) it has been discovered that two employees terminated in the past seven days (mm/dd/yy mm/dd/yy) are still classified as active users. The highlighted line in the audit report indicates that one of these two employees has accessed the system four days after termination. Control objectives are that user access for all terminated Tremeg employees should be disabled immediately upon termination. Concerns over the terminated employee in question, Debra Phillips, include: Is it Debra Phillips who continues to have access to IT resources or is it some other person who has access through her user ID and password? Was access from inside Tremeg facilities or from a remote location? Was access made to any sensitive data? Were copies made of data or software? Were changes made to any data or software? Were Tremeg resources used for personal or illegal purposes?
Please reply to the above questions and to the disabling of access for all the listed terminated Tremeg employees. mm/dd/yy
379
Microsoft Excel File All_Employees.xls Employee Number e0001 e0002 e0003 e0004 e0005 e0006 e0007 e0008 e0009 e0010 e0011 e0012 e0013 e0014 e0015 e0016 e0017 e0018 e0019 e0020 e0021 e0022 e0023 e0024 e0025 e0026 e0027 e0028 e0029 e0030 e0031 e0032 e0033 e0034 e0035 e0036 e0037 e0038 e0040 e0041 e0042 e0043 e0044 e0045 e0046 e0047 e0048 e0049 e0050 First Name Jill Chad Al Dean Eddie Greg Tracy Susan Christine Leo George Richard Don Cindy Matthew Jackson David Jenny Cooper Peter Roy Cynthia Gayle Thomas Paul Allison Michael Brad Danny Nikki Vanessa Amanda Lilly Clair Kate Ethel Robert Susie Todd Ben Bengie Melanie Jennifer Sissy Anna Sara Craig Debra Tina Last Name Date Terminated Joseph Jones Dean Johnson Parker Smith 3/23/2010 Cross Dun Coppula George Jackson 9/6/2009 Touchet 9/5/2009 Johnson Winfrey 9/12/2009 Roberts Smith 5/5/2009 Davidson 3/5/2009 Cooper Bobbin Carpenter Schexnayder Scarton Watson France Larter Milo Garza Martin 3/23/2009 Flannery Jackson 4/25/2009 Pett Clair Frasier Fauscett Kennedy Simmerman Delaune Simms Savoie Arcement Godso Daigle 7/17/2009 Nicole Leblanc Stern 7/18/2009 McCormick Evans Phillips 3/19/2010 Messing
380
e0051 e0052 e0053 e0054 e0055 e0056 e0057 e0058 e0059 e0060 e0061 e0062 e0063 e0064 e0065 e0066 e0067 e0068 e0069 e0070 e0071 e0072 e0073 e0074 e0075 e0076 e0077 e0078 e0079 e0080 e0081 e0082 e0083 e0084 e0085 e0086 e0087 e0088 e0089 e0090 e0091 e0092 e0093 e0094 e0095 e0096 e0097 e0098 e0099 e0100 e0124 e0354 Joe Sue Keith Joey Albert Richie Dawn Katie Johnson Dan Jonathan Michael Ronny Renee Brent Angela Susanne William Fred Ray Charlie Willy Jenny Jim Noami Nancy Bill Claudia Beaux Jack Josie Kimberly Chase Michelle Barnie Stephen Jeff Lilly Tom Ryan Louie Harold Jacob Grace Jude Cameron Marisa Bryan Clay Lewis Gary Anita Humphrey Urban Simpson Brown Marcombe Walker Pitre Flicka Rome Page Booth Breaux Rodrigue Paxton Saxton Casper Reynolds Riley Jenneva Staurt Albertson Hoag Grey Foster Parker Carter Freeman Plaisance Blanchard Lopez Jett Kimmel Letterman Clemens Punch Jefferson Antwone Hanks Ryan Hanson Larmar Jacobs Brown Wilson Diaz Hawn Cox Murray Melancon Donald Lynch Lozano
8/12/2009 8/16/2009
9/7/2009
381
e0456 e0476 e0627 e0710 e0766 e1122 e1151 e1342 e1423 e1510 e1538 e1609 e1892 e1987 e2000 e2255 e2273 e2283 e2291 e2714 e2855 e3297 e3449 e3572 e3691 e4218 e4444 e4445 e4604 e4645 e4736 e4799 e5025 e5140 e5211 e5278 e5395 e5432 e5484 e5523 e5617 e5673 e5744 e5866 e6039 e6253 e6258 e6635 e6896 e6995 e7004 e7123 Travis Chip Huanita Margie Bernnie Leslie Martha Ronny Claud Estelle Jill George Shelly Chad Janice Jeff Raymond Travis Helen Carol Keith Bob Steve Wesleyh Ann Silvia Jane Natasha Bernnie Janet Dale Robert Larry Margaret Steve James Vera Danny Beth Martha Rachel Mark Barbara Thelma Robert Karen Olga Erin Andrew David Tom Mary Wagner Ebert Villa Sharpe Porter Jackson Oliver Wilmer Chaplin Davis Daigle Waldowski Johnson Davidson Smith Washam Vickers Jenkins Gerken Wells Beegle Hall Underwood Hills Moreno Smithers Applebee Milakovich Stewart Cooley Deberry Durr Odell Reeve Gibbs Day Underhill David Rivero Sanders Hillhouse Topper Laney Owens Raymer Weaver Edmonds Miller Vester Ulmer Tuter Russell 11/23/2009
11/2/2009 4/18/2009 9/22/2009 10/16/2009 11/6/2009 4/11/2009 2/6/2010 10/25/2009 2/2/2010 2/23/2010 1/23/2010 10/30/2009 12/13/2009 8/2/2009 8/17/2009 5/19/2009 9/12/2009 11/16/2009 7/20/2009 9/14/2009 9/18/2009 10/17/2009
12/6/2009 10/5/2009 6/27/2009 11/14/2009 6/2/2009 12/5/2009 11/21/2009 4/25/2009
8/7/2009
8/22/2009 5/15/2009
382
e7186 e7631 e7719 e8049 e8088 e8285 e8521 e8929 e9119 e9326 e9574 e9584 e9857 e9898 Joyce Mike Noah Bill John Glenda Trina Charles Brian Roy Don Marvin Angela Roy Welch Kinder Gibson Floyd Morgan McConnell Shelton Benson Treadman Beckmeyer Waisner Featherstone Hainey Jackson 12/19/2009 8/4/2009 7/3/2009 8/15/2009 10/2/2009 7/18/2009 4/3/2009 10/24/2009 11/7/2009 8/24/2009 5/29/2009 9/15/2009
383
Microsoft Excel File Active_Directory_Users.xls e0002 e0003 e0004 e0005 e0006 e0007 e0008 e0009 e0010 e0011 e0012 e0013 e0014 e0015 e0016 e0017 e0018 e0019 e0020 e0021 e0022 e0023 e0024 e0025 e0026 e0027 e0028 e0029 e0030 e0031 e0032 e0033 e0034 e0035 e0036 e0037 e0038 e0040 e0041 e0042 e0043 e0044 e0045 e0046 e0047 e0048 e0049 e0050 e0051 e0052 Chad Al Dean Eddie Greg Tracy Susan Christine Leo George Richard Don Cindy Matthew Jackson David Jenny Cooper Peter Roy Cynthia Gayle Thomas Paul Allison Michael Brad Danny Nikki Vanessa Amanda Lilly Clair Kate Ethel Robert Susie Todd Ben Bengie Melanie Jennifer Sissy Anna Sara Craig Debra Tina Joe Sue Jones Dean Johnson Parker Smith Cross Dun Coppula George Jackson Touchet Johnson Winfrey Roberts Smith Davidson Cooper Bobbin Carpenter Schexnayder Scarton Watson France Larter Milo Garza Martin Flannery Jackson Pett Clair Frasier Fauscett Kennedy Simmerman Delaune Simms Savoie Arcement Godso Daigle Nicole Leblanc Stern McCormick Evans Phillips Messing Humphrey Urban FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 9/6/2009 9/5/2009 9/27/2009 9/12/2009 9/17/2009 5/5/2009 3/5/2009 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/3/2009 3/23/2009 4/12/2009 4/25/2009 6/15/2009 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 7/17/2009 7/23/2009 7/14/2009 7/18/2009 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010
384
e0053 e0054 e0055 e0056 e0057 e0058 e0059 e0060 e0061 e0062 e0063 e0064 e0065 e0066 e0067 e0068 e0069 e0070 e0071 e0072 e0073 e0074 e0075 e0076 e0077 e0078 e0079 e0080 e0081 e0082 e0083 e0084 e0085 e0086 e0087 e0088 e0089 e0090 e0091 e0092 e0093 e0094 e0095 e0096 e0097 e0098 e0099 e0100 e4444 e1342 e5432 e9898 Keith Joey Albert Richie Dawn Katie Johnson Dan Jonathan Michael Ronny Renee Brent Angela Susanne William Fred Ray Charlie Willy Jenny Jim Noami Nancy Bill Claudia Beaux Jack Josie Kimberly Chase Michelle Barnie Stephen Jeff Lilly Tom Ryan Louie Harold Jacob Grace Jude Cameron Marisa Bryan Clay Lewis Jane Ronny Danny Roy Simpson Brown Marcombe Walker Pitre Flicka Rome Page Booth Breaux Rodrigue Paxton Saxton Casper Reynolds Riley Jenneva Staurt Albertson Hoag Grey Foster Parker Carter Freeman Plaisance Blanchard Lopez Jett Kimmel Letterman Clemens Punch Jefferson Antwone Hanks Ryan Hanson Larmar Jacobs Brown Wilson Diaz Hawn Cox Murray Melancon Donald Applebee Wilmer David Jackson FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE TRUE TRUE TRUE TRUE 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 8/12/2009 8/14/2009 8/16/2009 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 11/2/2009 11/6/2009 11/24/2009 3/23/2010
385
e5484 e5523 e5617 e5673 e5744 e5866 e6039 e6253 e6258 e6635 e6896 e6995 e7004 e7123 e7186 e7631 e7719 e8049 e8088 e8285 e8521 e8929 e9119 e9326 e9574 e9584 e9857 Beth Martha Rachel Mark Barbara Thelma Robert Karen Olga Erin Andrew David Tom Mary Joyce Mike Noah Bill John Glenda Trina Charles Brian Roy Don Marvin Angela Rivero Sanders Hillhouse Topper Laney Owens Raymer Weaver Edmonds Miller Vester Ulmer Tuter Russell Welch Kinder Gibson Floyd Morgan McConnell Shelton Benson Treadman Beckmeyer Waisner Featherstone Hainey FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE 11/21/2009 4/25/2009 3/23/2010 3/23/2010 8/7/2009 3/23/2010 3/23/2010 3/23/2010 3/23/2010 3/23/2010 8/22/2009 5/15/2009 3/23/2010 3/23/2010 12/19/2009 8/4/2009 7/3/2009 8/15/2009 10/2/2009 7/18/2009 3/23/2010 4/3/2009 10/24/2009 11/7/2009 8/24/2009 5/29/2009 9/15/2009
386
Microsoft Excel File Active_Directory_Users1.xls User ID e0001 e0002 e0003 e0004 e0005 e0006 e0007 e0008 e0009 e0010 e0011 e0012 e0013 e0014 e0015 e0016 e0017 e0018 e0019 e0020 e0021 e0022 e0023 e0024 e0025 e0026 e0027 e0028 e0029 e0030 e0031 e0032 e0033 e0034 e0035 e0036 e0037 e0038 e0040 e0041 e0042 e0043 e0044 e0045 e0046 e0047 e0048 e0049 e0050 First Name Jill Chad Al Dean Eddie Greg Tracy Susan Christine Leo George Richard Don Cindy Matthew Jackson David Jenny Cooper Peter Roy Cynthia Gayle Thomas Paul Allison Michael Brad Danny Nikki Vanessa Amanda Lilly Clair Kate Ethel Robert Susie Todd Ben Bengie Melanie Jennifer Sissy Anna Sara Craig Debra Tina Last Name Joseph Jones Dean Johnson Parker Smith Cross Dun Coppula George Jackson Touchet Johnson Winfrey Roberts Smith Davidson Cooper Bobbin Carpenter Schexnayder Scarton Watson France Larter Milo Garza Martin Flannery Jackson Pett Clair Frasier Fauscett Kennedy Simmerman Delaune Simms Savoie Arcement Godso Daigle Nicole Leblanc Stern McCormick Evans Phillips Messing Disabled FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE Last Login 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 10/10/2009 10/9/2009 10/1/2009 10/16/2009 10/19/2009 2/9/2009 9/28/2009 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 10/7/2009 10/3/2009 9/29/2009 1/29/2008 10/19/2009 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 9/30/2009 4/27/2009 4/18/2009 10/12/2009 1/21/2010 1/21/2010 1/21/2010 1/21/2010
387
e0051 e0052 e0053 e0054 e0055 e0056 e0057 e0058 e0059 e0060 e0061 e0062 e0063 e0064 e0065 e0066 e0067 e0068 e0069 e0070 e0071 e0072 e0073 e0074 e0075 e0076 e0077 e0078 e0079 e0080 e0081 e0082 e0083 e0084 e0085 e0086 e0087 e0088 e0089 e0090 e0091 e0092 e0093 e0094 e0095 e0096 e0097 e0098 e0099 e0100 e1342 e4444 Joe Sue Keith Joey Albert Richie Dawn Katie Johnson Dan Jonathan Michael Ronny Renee Brent Angela Susanne William Fred Ray Charlie Willy Jenny Jim Noami Nancy Bill Claudia Beaux Jack Josie Kimberly Chase Michelle Barnie Stephen Jeff Lilly Tom Ryan Louie Harold Jacob Grace Jude Cameron Marisa Bryan Clay Lewis Ronny Jane Humphrey Urban Simpson Brown Marcombe Walker Pitre Flicka Rome Page Booth Breaux Rodrigue Paxton Saxton Casper Reynolds Riley Jenneva Staurt Albertson Hoag Grey Foster Parker Carter Freeman Plaisance Blanchard Lopez Jett Kimmel Letterman Clemens Punch Jefferson Antwone Hanks Ryan Hanson Larmar Jacobs Brown Wilson Diaz Hawn Cox Murray Melancon Donald Wilmer Applebee FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE TRUE TRUE 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 10/16/2009 5/18/2009 9/29/2009 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 8/10/2009 8/6/2009
388
e5432 e5484 e5523 e5617 e5673 e5744 e5866 e6039 e6253 e6258 e6635 e6896 e6995 e7004 e7123 e7186 e7631 e7719 e8049 e8088 e8285 e8521 e8929 e9119 e9326 e9574 e9584 e9857 e9898 Danny Beth Martha Rachel Mark Barbara Thelma Robert Karen Olga Erin Andrew David Tom Mary Joyce Mike Noah Bill John Glenda Trina Charles Brian Roy Don Marvin Angela Roy David Rivero Sanders Hillhouse Topper Laney Owens Raymer Weaver Edmonds Miller Vester Ulmer Tuter Russell Welch Kinder Gibson Floyd Morgan McConnell Shelton Benson Treadman Beckmeyer Waisner Featherstone Hainey Jackson TRUE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE FALSE TRUE 8/28/2009 8/25/2009 10/19/2009 1/21/2010 1/21/2010 9/29/2009 1/21/2010 1/21/2010 1/21/2010 1/21/2010 1/21/2010 10/1/2009 10/19/2009 1/21/2010 1/21/2010 10/1/2009 10/18/2009 4/7/2009 5/19/2009 7/6/2009 9/30/2009 1/21/2010 9/30/2009 9/28/2009 8/11/2009 10/3/2009 10/4/2009 9/25/2009 12/27/2009
389

2011 V3n2a10

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

2011 V3n2a10

Uploaded by

Copyright:

Available Formats

Journal of Forensic & Investigative Accounting Vol.

3, Issue 2, Special Issue, 2011

auditing and fraud investigation, is also important to management accountants.

Printout of ACL script created

Mean Response1, 2 (Standard Deviation) 4.24 (0.74)

Mean Response1, 2 (Standard Deviation) 4.48 (0.63)

4. Use your cursor to highlight <date> in the Expression box.

expression created is contained in the textbox located to the right of the

3. Select Excel from the Export As dropdown menu.

5. Click exported file.

. The resulting screen shows a Transaction History of the creation of the

2. Select from the toolbar File New Script.

9. Click Click the

again to make sure the expression is valid. Click

Note the function created is contained in the textbook next to the

3. Select Excel from the Export As dropdown menu.

5. Click exported file.

. The resulting screen shows a Transaction History of the creation of the

2. Select from the toolbar File New Script.

12/6/2009 10/5/2009 6/27/2009 11/14/2009 6/2/2009 12/5/2009 11/21/2009 4/25/2009

You might also like